1. Field of the Invention
The present invention relates to a security management apparatus, a security management system, a security management method, and a security management program that are capable of eliminating dangers of causing abnormality in a network system, such as unauthorized access.
2. Description of the Related Art
As techniques for security management services, the following have heretofore been known, by way of example.
A first conventional technique comprises a client machine to which a patch is applicable, and a server computer holding patch data and software data for the client machine. The server computer applies a patch to the client computer [for example, see Japanese Patent Application Unexamined Publication (KOKAI) Nos. 2002-55839 and 2000-250743].
The operation of the prior art is as follows. (1) First, software information concerning the client computer is registered in the server computer. (2) Next, information concerning software to be updated and software depending thereon is registered in the server computer. (3) Then, it is judged whether or not to make software updating for the client computer, and (4) a patch is distributed to the client computer from the server computer.
According to a second conventional technique, a monitoring server remotely executes virus checking for a monitored client and receives the result of the execution. If a virus is detected, the monitoring server notifies the monitored client of the detection of the virus [for example, see Japanese Patent Application Unexamined Publication (KOKAI) No. Hei 11-327897].
The operation of the second prior art is as follows. (1) First, the monitoring server checks whether virus checking has been executed or not for the monitored clients. (2) The monitoring server requests execution of virus checking for a monitored client that has not been subjected to virus checking. (3) The monitoring server receives the result of the execution. (4) The monitoring server notifies the monitored client whether or not a virus has been detected.
However, the first conventional technique lacks the function of selectively obtaining various security information open to the public on the Web according to machine information and is therefore inferior in flexibility in terms of security measures. Accordingly, this technique is difficult to apply to a wide range of uses. Similarly, the second conventional technique is limited only to virus checking and incapable of taking various security measures according to machine information.
It should be noted that the present applicant proposed a technique in which a filtering rule is created for a security hole for which a patch has not yet been open to the public, to protect the security hole by the filter until a patch is open to the public, and the rule is deleted when a patch is open to the public. This technique also lacks the function of obtaining machine information concerning a network machine and creating a rule in conformity to the machine and is therefore inferior in applicability. That is, it cannot offer wide applicability.